CVE-2026-27794
LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...
CVE-2025-64420 Coolify members can see private key of root user
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and...
CVE-2025-64419 Coolify vulnerable to command injection via docker-compose.yaml parameters
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...
Coolify command injection vulnerability
Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.445, which stems from improper cleanup of the docker-compose.yaml parameter, which could lead to command executio...
PT-2024-27253 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 4.0.0 Description: The issue allows a remote attacker to execute arbitrary code in pre-installed apps through use after free. Recommendations: For versions prior to 4.0.0, update to a version that contains a fix...
PT-2024-23749 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 4.0.0 Description: The issue allows a local attacker to cause apps to crash through type confusion. Recommendations: For versions prior to 4.0.0, update to version 4.0.0 or later to resolve the issue...
CVE-2024-20826
Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent...
PT-2023-32590 · 52North · 52North Wps
Name of the Vulnerable Software and Affected Versions: 52North WPS versions prior to 4.0.0-beta.11 Description: An XXE (XML External Entity) vulnerability has been detected, allowing the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP...
PT-2023-29703 · Torbot +1 · Torbot +1
Name of the Vulnerable Software and Affected Versions: Torbot versions prior to 4.0.0 Description: The issue concerns the torbot.modules.validators.validate link function, which uses the python-validators URL validation regex. This regular expression has exponential complexity, allowing an attack...
bootstrap: XSS in the data-target attribute
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
keycloak: infinite loop in session replacement leading to denial of service
keycloak before version 4.0.0.final is vulnerable to an infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the...